From a8b220b37058ec16ec4efcf040723b762f9992cd Mon Sep 17 00:00:00 2001 From: "mstoltz%netscape.com" Date: Sun, 23 Apr 2000 21:25:39 +0000 Subject: [PATCH] Backing out changes until I can figure out why it's crashing on startup. git-svn-id: svn://10.0.0.236/trunk@66937 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/caps/idl/nsICertificatePrincipal.idl | 5 +- mozilla/caps/idl/nsIPrincipal.idl | 7 +- mozilla/caps/idl/nsIScriptSecurityManager.idl | 12 +- mozilla/caps/include/nsAggregatePrincipal.h | 2 +- mozilla/caps/include/nsBasePrincipal.h | 6 +- mozilla/caps/include/nsCertificatePrincipal.h | 10 +- mozilla/caps/include/nsCodebasePrincipal.h | 2 - .../caps/include/nsScriptSecurityManager.h | 8 +- mozilla/caps/include/nsSystemPrincipal.h | 2 +- mozilla/caps/src/nsAggregatePrincipal.cpp | 106 +++--- mozilla/caps/src/nsBasePrincipal.cpp | 118 +++---- mozilla/caps/src/nsCertificatePrincipal.cpp | 126 +++---- mozilla/caps/src/nsCodebasePrincipal.cpp | 45 +-- mozilla/caps/src/nsScriptSecurityManager.cpp | 216 +++--------- mozilla/caps/src/nsSystemPrincipal.cpp | 16 +- .../html/document/src/nsHTMLContentSink.cpp | 7 +- .../psm-glue/src/nsPSMComponent.cpp | 57 +--- .../html/document/src/nsHTMLContentSink.cpp | 7 +- mozilla/modules/libjar/nsIZipReader.idl | 3 +- mozilla/modules/libjar/nsJAR.cpp | 315 ++++++++---------- mozilla/modules/libjar/nsJAR.h | 14 +- mozilla/modules/libjar/nsJARChannel.cpp | 4 +- mozilla/modules/libpref/src/nsPref.cpp | 12 +- .../netwerk/protocol/jar/src/nsJARChannel.cpp | 4 +- 24 files changed, 422 insertions(+), 682 deletions(-) diff --git a/mozilla/caps/idl/nsICertificatePrincipal.idl b/mozilla/caps/idl/nsICertificatePrincipal.idl index 2aafb1f84cd..a10d8d749ac 100644 --- a/mozilla/caps/idl/nsICertificatePrincipal.idl +++ b/mozilla/caps/idl/nsICertificatePrincipal.idl 
@@ -31,6 +31,7 @@ [uuid(ebfefcd0-25e1-11d2-8160-006008119d7a)] interface nsICertificatePrincipal : nsISupports { - readonly attribute string certificateID; - attribute string commonName; + readonly attribute string issuerName; + readonly attribute string serialNumber; + readonly attribute string companyName; }; diff --git a/mozilla/caps/idl/nsIPrincipal.idl b/mozilla/caps/idl/nsIPrincipal.idl index b90c04d0ad2..527a51cc445 100644 --- a/mozilla/caps/idl/nsIPrincipal.idl +++ b/mozilla/caps/idl/nsIPrincipal.idl @@ -19,7 +19,6 @@ * * Contributor(s): * Norris Boyd - * Mitch Stoltz */ /* Defines the abstract interface for a principal. */ @@ -27,12 +26,14 @@ #include "nsISupports.idl" %{C++ +class nsSupportsHashtable; struct JSPrincipals; %} interface nsIPref; [ptr] native JSPrincipals(JSPrincipals); +[ptr] native nsSupportsHashtable(nsSupportsHashtable); [uuid(ff9313d0-25e1-11d2-8160-006008119d7a)] interface nsIPrincipal : nsISupports { @@ -49,8 +50,6 @@ interface nsIPrincipal : nsISupports { string ToUserVisibleString(); - void ToStreamableForm(out string name, out string data); - boolean Equals(in nsIPrincipal other); unsigned long HashValue(); @@ -68,6 +67,8 @@ interface nsIPrincipal : nsISupports { void RevertCapability(in string capability, inout voidStar annotation); void DisableCapability(in string capability, inout voidStar annotation); + + void Save(in nsSupportsHashtable aPrincipals, in nsIPref prefs); }; diff --git a/mozilla/caps/idl/nsIScriptSecurityManager.idl b/mozilla/caps/idl/nsIScriptSecurityManager.idl index 59b3ff6c713..837c75ab379 100644 --- a/mozilla/caps/idl/nsIScriptSecurityManager.idl +++ b/mozilla/caps/idl/nsIScriptSecurityManager.idl 
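Review bot: The new `Save(in nsSupportsHashtable aPrincipals, in nsIPref prefs)` is added to nsIPrincipal with no doc comment, so its contract is only discoverable from nsBasePrincipal::Save later in this patch, which both stores the principal in aPrincipals and writes a `security.principal.X<n>` preference. A comment above the declaration such as `/** Record this principal in aPrincipals and persist its capability grants as a security.principal.* preference. */` would spare readers that chase. Since nsSupportsHashtable is declared here as a `[ptr] native` C++ type, the same comment should presumably note that the method is not usable from script.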
@@ -56,7 +56,8 @@ interface nsIScriptSecurityManager : nsISupports /** * Return a principal that can be QI'd to nsICertificatePrincipal. */ - nsIPrincipal GetCertificatePrincipal(in string CertID); + nsIPrincipal GetCertificatePrincipal(in string aIssuer, in string aSerialNumber, + in string companyName); ///////////////// Security Checks ////////////////// @@ -135,15 +136,6 @@ interface nsIScriptSecurityManager : nsISupports * script. */ void DisableCapability(in string capability); - - //////////////// Master Certificate Functions //////////////////// - - /** - * Allow 'certificateID' to enable 'capability.' Can only be performed - * by code signed by the system certificate. - */ - void SetCanEnableCapability(in string certificateID, in string capability, - in short canEnable); }; %{C++ diff --git a/mozilla/caps/include/nsAggregatePrincipal.h b/mozilla/caps/include/nsAggregatePrincipal.h index 0f716d841f9..14115995e74 100644 --- a/mozilla/caps/include/nsAggregatePrincipal.h +++ b/mozilla/caps/include/nsAggregatePrincipal.h @@ -82,7 +82,7 @@ public: DisableCapability(const char *capability, void **annotation); NS_IMETHOD - ToStreamableForm(char** aName, char** aData); + Save(nsSupportsHashtable* aPrincipals, nsIPref *prefs); nsAggregatePrincipal(); diff --git a/mozilla/caps/include/nsBasePrincipal.h b/mozilla/caps/include/nsBasePrincipal.h index 95e87391c14..0e1a79f966e 100644 --- a/mozilla/caps/include/nsBasePrincipal.h +++ b/mozilla/caps/include/nsBasePrincipal.h @@ -61,10 +61,8 @@ public: nsresult InitFromPersistent(const char *name, const char *data); - NS_IMETHOD - ToStreamableForm(char** aName, char** aData); - - static const char Invalid[]; + NS_IMETHOD + Save(nsSupportsHashtable* aPrincipals, nsIPref *prefs); protected: enum AnnotationValue { AnnotationEnabled=1, AnnotationDisabled }; diff --git a/mozilla/caps/include/nsCertificatePrincipal.h b/mozilla/caps/include/nsCertificatePrincipal.h index 2acde424603..46359a4ada7 100644 
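Review bot: The widened `GetCertificatePrincipal(in string aIssuer, in string aSerialNumber, in string companyName)` keeps only the one-line "can be QI'd" comment, while the implementation in this patch (nsCertificatePrincipal::Init) returns NS_ERROR_OUT_OF_MEMORY when any of the three strings is null, so callers passing a null company name silently get a failure. Add to the comment: `* All three arguments are required; a null companyName is reported as failure.` The parameter naming is also inconsistent (`aIssuer`, `aSerialNumber`, `companyName`); `aCompanyName` matches the C++ signature used in nsScriptSecurityManager.cpp.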
--- a/mozilla/caps/include/nsCertificatePrincipal.h +++ b/mozilla/caps/include/nsCertificatePrincipal.h @@ -48,8 +48,6 @@ public: NS_IMETHOD ToUserVisibleString(char **result); - NS_IMETHOD ToStreamableForm(char** aName, char** aData); - NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result); NS_IMETHOD HashValue(PRUint32 *result); @@ -58,15 +56,17 @@ public: NS_IMETHOD InitFromPersistent(const char *name, const char* data); - NS_IMETHOD Init(const char* aCertificateID); + NS_IMETHOD Init(const char* aIssuerName, const char* aSerialNumber, + const char* aCompanyName); nsCertificatePrincipal(); virtual ~nsCertificatePrincipal(void); protected: - char* mCertificateID; - char* mCommonName; + char* mIssuerName; + char* mSerialNumber; + char* mCompanyName; }; #endif // _NS_CERTIFICATE_PRINCIPAL_H_ diff --git a/mozilla/caps/include/nsCodebasePrincipal.h b/mozilla/caps/include/nsCodebasePrincipal.h index 0ecd58bf6c1..20238a199ec 100644 --- a/mozilla/caps/include/nsCodebasePrincipal.h +++ b/mozilla/caps/include/nsCodebasePrincipal.h @@ -47,8 +47,6 @@ public: NS_IMETHOD ToUserVisibleString(char **result); - NS_IMETHOD ToStreamableForm(char** aName, char** aData); - NS_IMETHOD Equals(nsIPrincipal *other, PRBool *result); NS_IMETHOD HashValue(PRUint32 *result); diff --git a/mozilla/caps/include/nsScriptSecurityManager.h b/mozilla/caps/include/nsScriptSecurityManager.h index d80cd127a51..1468b7affbc 100644 --- a/mozilla/caps/include/nsScriptSecurityManager.h +++ b/mozilla/caps/include/nsScriptSecurityManager.h @@ -103,6 +103,8 @@ public: GetScriptSecurityManager(); private: + void + LookupPrincipal(nsCOMPtr* aPrincipal); NS_IMETHOD GetSubjectPrincipal(JSContext *aCx, nsIPrincipal **result); @@ -138,9 +140,6 @@ private: GetPrincipalAndFrame(JSContext *cx, nsIPrincipal **result, JSStackFrame **frameResult); - NS_IMETHOD - SavePrincipal(nsIPrincipal* aToSave); - NS_IMETHOD InitFromPrefs(); 
@@ -159,11 +158,10 @@ private: nsObjectHashtable *mOriginToPolicyMap; nsIPref *mPrefs; nsIPrincipal *mSystemPrincipal; - nsCOMPtr mSystemCertificate; nsSupportsHashtable *mPrincipals; PRBool mIsJavaScriptEnabled; PRBool mIsMailJavaScriptEnabled; - PRBool mIsAccessingPrefs; + PRBool mIsWritingPrefs; unsigned char hasPolicyVector[(NS_DOM_PROP_MAX >> 3) + 1]; unsigned char hasDomainPolicyVector[(NS_DOM_PROP_MAX >> 3) + 1]; }; diff --git a/mozilla/caps/include/nsSystemPrincipal.h b/mozilla/caps/include/nsSystemPrincipal.h index a2f3294f169..e0fcfa6281a 100644 --- a/mozilla/caps/include/nsSystemPrincipal.h +++ b/mozilla/caps/include/nsSystemPrincipal.h @@ -60,7 +60,7 @@ public: NS_IMETHOD DisableCapability(const char *capability, void * *annotation); - NS_IMETHOD ToStreamambleForm(char** aName, char** aData); + NS_IMETHOD Save(nsSupportsHashtable* aPrincipals, nsIPref* aPrefs); NS_IMETHOD Init(); diff --git a/mozilla/caps/src/nsAggregatePrincipal.cpp b/mozilla/caps/src/nsAggregatePrincipal.cpp index 072d918065f..49a487307b4 100644 --- a/mozilla/caps/src/nsAggregatePrincipal.cpp +++ b/mozilla/caps/src/nsAggregatePrincipal.cpp @@ -24,7 +24,7 @@ /*describes principals which combine one or more principals*/ #include "nsAggregatePrincipal.h" -#include "nsIURI.h" +#include "nsIURI.h" ////////////////////// static NS_DEFINE_IID(kIAggregatePrincipalIID, NS_IAGGREGATEPRINCIPAL_IID); 
@@ -38,39 +38,42 @@ NSBASEPRINCIPALS_RELEASE(nsAggregatePrincipal); // Methods implementing nsICertificatePrincipal // ////////////////////////////////////////////////// NS_IMETHODIMP -nsAggregatePrincipal::GetCertificateID(char** aCertificateID) +nsAggregatePrincipal::GetIssuerName(char** aIssuerName) { if (!mCertificate) { - aCertificateID = nsnull; + aIssuerName = nsnull; return NS_ERROR_FAILURE; } nsCOMPtr certificate = do_QueryInterface(mCertificate); - return certificate->GetCertificateID(aCertificateID); + return certificate->GetIssuerName(aIssuerName); } NS_IMETHODIMP -nsAggregatePrincipal::GetCommonName(char** aCommonName) +nsAggregatePrincipal::GetSerialNumber(char** aSerialNumber) { if (!mCertificate) { - *aCommonName = nsnull; + *aSerialNumber = nsnull; return NS_ERROR_FAILURE; } nsCOMPtr certificate = do_QueryInterface(mCertificate); - return certificate->GetCommonName(aCommonName); + return certificate->GetSerialNumber(aSerialNumber); } NS_IMETHODIMP -nsAggregatePrincipal::SetCommonName(const char* aCommonName) +nsAggregatePrincipal::GetCompanyName(char** aCompanyName) { if (!mCertificate) + { + *aCompanyName = nsnull; return NS_ERROR_FAILURE; + } nsCOMPtr certificate = do_QueryInterface(mCertificate); - return certificate->SetCommonName(aCommonName); + return certificate->GetCompanyName(aCompanyName); } /////////////////////////////////////////////// 
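Review bot: The failure path of GetIssuerName assigns `aIssuerName = nsnull;`, which only overwrites the local pointer parameter and leaves the caller's out-param untouched; the sibling GetSerialNumber and GetCompanyName in this same hunk correctly write `*aSerialNumber = nsnull;` and `*aCompanyName = nsnull;`. Change it to `*aIssuerName = nsnull;` so a caller that does not check the nsresult cannot read or free an uninitialized pointer.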
@@ -188,38 +191,16 @@ nsAggregatePrincipal::SetCodebase(nsIPrincipal* aCodebase) return NS_OK; } -NS_IMETHODIMP -nsAggregatePrincipal::GetPrimaryChild(nsIPrincipal** aPrimaryChild) -{ - //-- If a certificate is present, then that's the PrimaryChild principal. - // Otherwise we use the codebase. - if (mCertificate) - *aPrimaryChild = mCertificate.get(); - else if (mCodebase) - *aPrimaryChild = mCodebase.get(); - else - { - *aPrimaryChild = nsnull; - return NS_ERROR_FAILURE; - } - - NS_IF_ADDREF(*aPrimaryChild); - return NS_OK; -} - NS_IMETHODIMP nsAggregatePrincipal::Intersect(nsIPrincipal* other) { NS_ASSERTION(mCodebase, "Principal without codebase"); - if (mCertificate) - { - PRBool sameCert = PR_FALSE; - if (NS_FAILED(mCertificate->Equals(other, &sameCert))) - return NS_ERROR_FAILURE; - if (!sameCert) - SetCertificate(nsnull); - } + PRBool sameCert = PR_FALSE; + if (NS_FAILED(mCertificate->Equals(other, &sameCert))) + return NS_ERROR_FAILURE; + if (!sameCert) + SetCertificate(nsnull); return NS_OK; } 
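Review bot: Intersect now dereferences mCertificate unconditionally in `mCertificate->Equals(other, &sameCert)`, while the only assertion in the function guards mCodebase; an aggregate that carries just a codebase — a shape GetPrimaryChild elsewhere in this file explicitly supports by falling back to mCodebase — crashes here. Given the commit message, this null dereference is a plausible candidate for the startup crash being chased. A one-line guard before the call, `if (!mCertificate) return NS_OK;`, keeps the intersection a no-op when there is no certificate to narrow.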
@@ -247,34 +228,30 @@ nsAggregatePrincipal::ToUserVisibleString(char **result) NS_IMETHODIMP nsAggregatePrincipal::Equals(nsIPrincipal * other, PRBool * result) { - *result = PR_FALSE; if (this == other) { *result = PR_TRUE; return NS_OK; } - if (!other) + if (!other) { + *result = PR_FALSE; return NS_OK; - + } nsresult rv; nsCOMPtr otherAgg = do_QueryInterface(other, &rv); if (NS_FAILED(rv)) + { + *result = PR_FALSE; return NS_OK; - //-- Two aggregates are equal if both codebase and certificate are equal - PRBool certEqual = PR_TRUE; - if (mCertificate) - { - mCertificate->Equals(other, &certEqual); - if(NS_FAILED(rv)) return rv; } - PRBool cbEqual = PR_TRUE; - if (mCodebase) - { - rv = mCodebase->Equals(other, &cbEqual); - if(NS_FAILED(rv)) return rv; - } - if (mCertificate || mCodebase) // At least one must be present - *result = certEqual && cbEqual; + //-- Two aggregates are equal if both codebase and certificate are equal + *result = PR_FALSE; + PRBool certEqual, cbEqual; + rv = mCertificate->Equals(other, &certEqual); + if(NS_FAILED(rv)) return rv; + rv = mCodebase->Equals(other, &cbEqual); + if(NS_FAILED(rv)) return rv; + *result = certEqual && cbEqual; return NS_OK; } 
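Review bot: Equals calls `mCertificate->Equals(other, &certEqual)` and `mCodebase->Equals(other, &cbEqual)` with no null checks, so comparing an aggregate that has only a codebase (the case GetPrimaryChild in this file handles) dereferences null. Because this comparison feeds principal-identity decisions, it should fail closed rather than crash: a minimal guard is `if (!mCertificate || !mCodebase) return NS_OK;` placed right after `*result = PR_FALSE;`, at the documented cost of treating partially-populated aggregates as unequal. This is a backout, so a richer per-child comparison may be coming back with the re-land, but the tree should not crash in the meantime.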
@@ -345,12 +322,31 @@ nsAggregatePrincipal::DisableCapability(const char *capability, void **annotatio } NS_IMETHODIMP -nsAggregatePrincipal::ToStreamableForm(char** aName, char** aData) +nsAggregatePrincipal::Save(nsSupportsHashtable* aPrincipals, nsIPref *prefs) { nsCOMPtr PrimaryChild; if (NS_FAILED(GetPrimaryChild(getter_AddRefs(PrimaryChild)))) return NS_ERROR_FAILURE; - return PrimaryChild->ToStreamableForm(aName, aData); + return PrimaryChild->Save(aPrincipals, prefs); +} + +NS_IMETHODIMP +nsAggregatePrincipal::GetPrimaryChild(nsIPrincipal** aPrimaryChild) +{ + //-- If a certificate is present, then that's the PrimaryChild principal. + // Otherwise we use the codebase. + if (mCertificate) + *aPrimaryChild = mCertificate.get(); + else if (mCodebase) + *aPrimaryChild = mCodebase.get(); + else + { + *aPrimaryChild = nsnull; + return NS_ERROR_FAILURE; + } + + NS_IF_ADDREF(*aPrimaryChild); + return NS_OK; } ///////////////////////////////////////////// diff --git a/mozilla/caps/src/nsBasePrincipal.cpp b/mozilla/caps/src/nsBasePrincipal.cpp index 5d313a86ba2..18e315949da 100644 --- a/mozilla/caps/src/nsBasePrincipal.cpp +++ b/mozilla/caps/src/nsBasePrincipal.cpp @@ -28,6 +28,7 @@ ////////////////////////// + nsBasePrincipal::nsBasePrincipal() : mCapabilities(nsnull), mPrefName(nsnull) { @@ -61,9 +62,6 @@ nsBasePrincipal::GetJSPrincipals(JSPrincipals **jsprin) return NS_OK; } -const char -nsBasePrincipal::Invalid[] = "Invalid"; - NS_IMETHODIMP nsBasePrincipal::CanEnableCapability(const char *capability, PRInt16 *result) { 
@@ -71,16 +69,6 @@ nsBasePrincipal::CanEnableCapability(const char *capability, PRInt16 *result) *result = nsIPrincipal::ENABLE_UNKNOWN; return NS_OK; } - else // If this principal is marked invalid, can't enable any capabilities - { - nsStringKey invalidKey(Invalid); - if (mCapabilities->Exists(&invalidKey)) - { - *result = nsIPrincipal::ENABLE_DENIED; - return NS_OK; - } - } - const char *start = capability; *result = nsIPrincipal::ENABLE_GRANTED; for(;;) { @@ -108,16 +96,6 @@ nsBasePrincipal::SetCanEnableCapability(const char *capability, if (!mCapabilities) return NS_ERROR_OUT_OF_MEMORY; } - else // If this principal is marked invalid, can't enable any capabilities - { - nsStringKey invalidKey(Invalid); - if (mCapabilities->Exists(&invalidKey)) - return NS_OK; - } - - if (PL_strcmp(capability, Invalid) == 0) - mCapabilities->Reset(); - const char *start = capability; for(;;) { const char *space = PL_strchr(start, ' '); @@ -188,7 +166,7 @@ nsBasePrincipal::RevertCapability(const char *capability, void **annotation) } } return NS_OK; -} +} NS_IMETHODIMP nsBasePrincipal::SetCapability(const char *capability, void **annotation, @@ -197,7 +175,7 @@ nsBasePrincipal::SetCapability(const char *capability, void **annotation, if (*annotation == nsnull) { *annotation = new nsHashtable(5); if (!*annotation) - return NS_ERROR_OUT_OF_MEMORY; + return NS_ERROR_OUT_OF_MEMORY; // This object owns its annotations. Save them so we can release // them when we destroy this object. mAnnotations.AppendElement(*annotation); 
@@ -224,55 +202,37 @@ nsBasePrincipal::InitFromPersistent(const char *name, const char* data) { // Parses capabilities strings of the form // "Capability=value ..." - // ie. "UniversalBrowserRead=Granted UniversalBrowserWrite=Denied" - - //-- Empty the capability table + // ie. "UniversalBrowserRead=0 UniversalBrowserWrite=1" + // where value is from 0 to 3 as defined in nsIPrincipal.idl if (mCapabilities) mCapabilities->Reset(); - //-- Save the preference name nsCAutoString nameString(name); mPrefName = nameString.ToNewCString(); - const char* ordinalBegin = PL_strpbrk(name, "1234567890"); - if (ordinalBegin) { - int n = atoi(ordinalBegin); + static const char *prefix = ".X"; + const char *p = PL_strstr(name, prefix); + if (p) { + int n = atoi(p + sizeof(prefix)-1); if (mCapabilitiesOrdinal <= n) mCapabilitiesOrdinal = n+1; } - //-- Parse the capabilities for (;;) { char* wordEnd = PL_strchr(data, '='); if (wordEnd == nsnull) break; - while (*(wordEnd-1) == ' ') - wordEnd--; - const char* cap = data; - data = wordEnd+1; *wordEnd = '\0'; - while (*data == ' ' || *data == '=') - data++; - - PRInt16 value; - if (*data == 'G' || *data == 'g' || *data == 'Y' || - *data == 'y' || *data == 'T' || *data == 't' || - (*data - '0') == nsIPrincipal::ENABLE_GRANTED || - *data == '1') - value = nsIPrincipal::ENABLE_GRANTED; - else if (*data == 'D' || *data == 'd' || *data == 'N' || - *data == 'n' || *data == 'F' || *data == 'f' || - (*data - '0') == nsIPrincipal::ENABLE_DENIED || - *data == '0') - value = nsIPrincipal::ENABLE_DENIED; + const char* cap = data; + data = wordEnd+1; // data is now pointing at the numeric value + PRInt16 value = (PRInt16)(*data) - (PRInt16)'0'; + nsresult rv = SetCanEnableCapability(cap, value); + if (NS_FAILED(rv)) return rv; + if (data[1] == '\0') // End of the data + break; else - value = nsIPrincipal::ENABLE_UNKNOWN; - - if(NS_FAILED(SetCanEnableCapability(cap, value))) - return NS_ERROR_FAILURE; - while (*data != ' ' && *data != '\0') data++; - 
while (*data == ' ') data++; + data += 2; // data is now at the beginning of the next capability string } return NS_OK; } @@ -280,35 +240,43 @@ nsBasePrincipal::InitFromPersistent(const char *name, const char* data) PR_STATIC_CALLBACK(PRBool) AppendCapability(nsHashKey *aKey, void *aData, void *aStr) { + char value = (char)((unsigned int)aData) + '0'; nsCString *capStr = (nsCString*) aStr; capStr->Append(' '); capStr->AppendWithConversion(((nsStringKey *) aKey)->GetString()); capStr->Append('='); - switch ((PRInt16)aData) - { - case nsIPrincipal::ENABLE_GRANTED: - capStr->Append("Granted"); - break; - case nsIPrincipal::ENABLE_DENIED: - capStr->Append("Denied"); - break; - default: - capStr->Append("Unknown"); - } + capStr->Append(value); return PR_TRUE; } + -NS_IMETHODIMP -nsBasePrincipal::ToStreamableForm(char** aName, char** aData) +NS_IMETHODIMP +nsBasePrincipal::Save(nsSupportsHashtable* aPrincipals, nsIPref *aPref) { + //-- Save in hashtable + nsIPrincipalKey key(this); + // This is a little sneaky. "supports" below is a void *, which won't + // be refcounted, but is matched with a key that is the same object, + // which will be refcounted. + aPrincipals->Put(&key, this); + + //-- Save to preferences char *streamableForm; if (NS_FAILED(ToString(&streamableForm))) return NS_ERROR_FAILURE; if (mCapabilities) { - nsCAutoString buildingCapString(streamableForm); - mCapabilities->Enumerate(AppendCapability, (void*)&buildingCapString); - streamableForm = buildingCapString.ToNewCString(); + nsCAutoString result(streamableForm); + mCapabilities->Enumerate(AppendCapability, (void*)&result); + streamableForm = result.ToNewCString(); } - *aData = streamableForm; - return NS_OK; + if (!mPrefName) { + nsCAutoString s("security.principal.X"); + s.AppendInt(mCapabilitiesOrdinal++); + mPrefName = s.ToNewCString(); + } + nsresult rv = aPref->SetCharPref(mPrefName, streamableForm); + Recycle(streamableForm); + return rv; } + + 
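Review bot: `sizeof(prefix)-1` in InitFromPersistent takes the size of a `const char*`, not the length of the `".X"` literal, so `atoi(p + sizeof(prefix)-1)` starts past some or all of the ordinal digits and mCapabilitiesOrdinal is computed from a truncated number; a later Save() can then mint a `security.principal.X<n>` name that already exists and overwrite another principal's capability grants. Declaring `static const char prefix[] = ".X";` makes the arithmetic correct. The value parse is also unchecked: `(PRInt16)(*data) - (PRInt16)'0'` accepts any byte, and `data[1]` is read even when `*data` is already the terminator, so a truncated pref such as `Cap=` reads one byte past the end of the string; reject non-digits with `if (*data < '0' || *data > '9') return NS_ERROR_ILLEGAL_VALUE;` before calling SetCanEnableCapability.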
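Review bot: In nsBasePrincipal::Save, when mCapabilities is set, `streamableForm = result.ToNewCString();` overwrites the buffer that ToString() allocated without freeing it, so every Save() of a principal with capabilities leaks the original string; only the second allocation reaches `Recycle(streamableForm)`. Recycle the first buffer once it has been copied into `result`: `char* caps = result.ToNewCString(); Recycle(streamableForm); streamableForm = caps;`. The comment on `aPrincipals->Put(&key, this)` says the stored value is not refcounted; nsIPrincipalKey's definition is not in this diff, so whether the key's reference keeps `this` alive for the table's lifetime should be confirmed.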
diff --git a/mozilla/caps/src/nsCertificatePrincipal.cpp b/mozilla/caps/src/nsCertificatePrincipal.cpp index c4d0409ee11..ef6089d29af 100644 --- a/mozilla/caps/src/nsCertificatePrincipal.cpp +++ b/mozilla/caps/src/nsCertificatePrincipal.cpp @@ -38,25 +38,24 @@ NSBASEPRINCIPALS_RELEASE(nsCertificatePrincipal); // Methods implementing nsICertificatePrincipal // ////////////////////////////////////////////////// NS_IMETHODIMP -nsCertificatePrincipal::GetCertificateID(char** aCertificateID) +nsCertificatePrincipal::GetIssuerName(char ** issuerName) { - *aCertificateID = nsCRT::strdup(mCertificateID); - return *mCertificateID ? NS_OK : NS_ERROR_OUT_OF_MEMORY; + *issuerName = nsCRT::strdup(mIssuerName); + return *issuerName ? NS_OK : NS_ERROR_OUT_OF_MEMORY; } NS_IMETHODIMP -nsCertificatePrincipal::GetCommonName(char** aCommonName) +nsCertificatePrincipal::GetSerialNumber(char ** serialNumber) { - *aCommonName = nsCRT::strdup(mCommonName); - return *aCommonName ? NS_OK : NS_ERROR_OUT_OF_MEMORY; + *serialNumber = nsCRT::strdup(mSerialNumber); + return *serialNumber ? NS_OK : NS_ERROR_OUT_OF_MEMORY; } NS_IMETHODIMP -nsCertificatePrincipal::SetCommonName(const char* aCommonName) +nsCertificatePrincipal::GetCompanyName(char ** companyName) { - PR_FREEIF(mCommonName); - mCommonName = nsCRT::strdup(aCommonName); - return * mCommonName ? NS_OK : NS_ERROR_OUT_OF_MEMORY; + *companyName = nsCRT::strdup(mCompanyName); + return * companyName ? NS_OK : NS_ERROR_OUT_OF_MEMORY; } 
@@ -77,54 +76,52 @@ nsCertificatePrincipal::CanEnableCapability(const char *capability, NS_IMETHODIMP nsCertificatePrincipal::ToString(char **result) { - return GetCertificateID(result); + // STRING USE WARNING: perhaps |str| should be an |nsCAutoString|? -- scc + nsAutoString str; + str.AppendWithConversion("[Certificate "); + str.AppendWithConversion(mIssuerName); + str.AppendWithConversion(' '); + str.AppendWithConversion(mSerialNumber); + str.AppendWithConversion(']'); + *result = str.ToNewCString(); + return (*result) ? NS_OK : NS_ERROR_OUT_OF_MEMORY; } NS_IMETHODIMP nsCertificatePrincipal::ToUserVisibleString(char **result) { - return GetCommonName(result); -} - -NS_IMETHODIMP -nsCertificatePrincipal::ToStreamableForm(char** aName, char** aData) -{ - if (!mPrefName) { - nsCAutoString s("security.principal.certificate"); - s += mCapabilitiesOrdinal++; - mPrefName = s.ToNewCString(); - } - *aName = nsCRT::strdup(mPrefName); - if (!*aName) - return NS_ERROR_FAILURE; - return nsBasePrincipal::ToStreamableForm(aName, aData); + return GetCompanyName(result); } NS_IMETHODIMP nsCertificatePrincipal::Equals(nsIPrincipal * other, PRBool * result) { - *result = PR_FALSE; if (this == other) { *result = PR_TRUE; return NS_OK; } - if (!other) + if (!other) { + *result = PR_FALSE; return NS_OK; + } nsresult rv; nsCOMPtr otherCertificate = do_QueryInterface(other, &rv); if (NS_FAILED(rv)) - return NS_OK; - //-- Compare cert ID's - char* otherID; - rv = otherCertificate->GetCertificateID(&otherID); - if (NS_FAILED(rv)) { - PR_FREEIF(otherID); - return rv; + *result = PR_FALSE; + return NS_OK; } - *result = (PL_strcmp(mCertificateID, otherID) == 0); - PR_FREEIF(otherID); + //-- Compare issuer name and serial number; + // these comprise the unique id of the cert + char* otherIssuer; + otherCertificate->GetIssuerName(&otherIssuer); + char* otherSerial; + otherCertificate->GetSerialNumber(&otherSerial); + *result = ( (PL_strcmp(mIssuerName, otherIssuer) == 0) && + 
(PL_strcmp(mSerialNumber, otherSerial) == 0) ); + PR_FREEIF(otherIssuer); + PR_FREEIF(otherSerial); return NS_OK; } 
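Review bot: The two getter calls `otherCertificate->GetIssuerName(&otherIssuer)` and `otherCertificate->GetSerialNumber(&otherSerial)` discard their nsresult; on failure the getter has already stored a null pointer (it writes the strdup result before checking it) and the comparison proceeds on it. Since this equality is what identifies a signing certificate for capability purposes, a failed lookup should propagate rather than fall through to a string compare: `rv = otherCertificate->GetIssuerName(&otherIssuer); if (NS_FAILED(rv)) return rv;` and the same for the serial number, freeing otherIssuer on the second failure. Whether PL_strcmp tolerates a null argument is not shown in this diff.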
@@ -145,46 +142,59 @@ NS_IMETHODIMP nsCertificatePrincipal::InitFromPersistent(const char *name, const char* data) { // Parses preference strings of the form - // " - // ie. "AB:CD:12:34 UniversalBrowserRead=Granted" + // "[Certificate Issuer Serial#] capabilities string" + // ie. "[Certificate CertCo 12:34:AB:CD] UniversalBrowserRead=1" if (!data) return NS_ERROR_ILLEGAL_VALUE; - char* idEnd = PL_strchr(data, ' '); // Find end of certID - if (idEnd) - *idEnd = '\0'; + data = PL_strchr(data, ' '); // Jump to issuer + NS_ASSERTION(data, "Malformed security.principal preference"); + data += 1; - if (NS_FAILED(Init(data))) + char* wordEnd = PL_strchr(data, ' '); // Find end of issuer + NS_ASSERTION(wordEnd, "Malformed security.principal preference"); + *wordEnd = '\0'; + const char* issuer = data; + + data = wordEnd+1; // Jump to serial# + wordEnd = PL_strchr(data, ']'); // Find end of serial# + NS_ASSERTION(wordEnd, "Malformed security.principal preference"); + *wordEnd = '\0'; + const char* serial = data; + + if (NS_FAILED(Init(issuer, serial, nsnull))) return NS_ERROR_FAILURE; - - if (idEnd) - { - data = idEnd+1; - while (*data == ' ') - data++; - if (data) - return nsBasePrincipal::InitFromPersistent(name, data); + + if (wordEnd[1] != '\0') { + data = wordEnd+2; // Jump to beginning of caps data + return nsBasePrincipal::InitFromPersistent(name, data); } return NS_OK; } NS_IMETHODIMP -nsCertificatePrincipal::Init(const char* aCertificateID) +nsCertificatePrincipal::Init(const char* aIssuerName, const char* aSerialNumber, + const char* aCompanyName) { - mCertificateID = nsCRT::strdup(aCertificateID); - if (!mCertificateID) return NS_ERROR_OUT_OF_MEMORY; + mIssuerName = nsCRT::strdup(aIssuerName); + mSerialNumber = nsCRT::strdup(aSerialNumber); + mCompanyName = nsCRT::strdup(aCompanyName); + if (!mIssuerName || !mSerialNumber || + !mCompanyName) return NS_ERROR_OUT_OF_MEMORY; return NS_OK; } -nsCertificatePrincipal::nsCertificatePrincipal() : mCertificateID(nsnull), 
- mCommonName(nsnull) +nsCertificatePrincipal::nsCertificatePrincipal() : mIssuerName(nsnull), + mSerialNumber(nsnull), + mCompanyName(nsnull) { NS_INIT_ISUPPORTS(); } nsCertificatePrincipal::~nsCertificatePrincipal() { - PR_FREEIF(mCertificateID); - PR_FREEIF(mCommonName); + PR_FREEIF(mIssuerName); + PR_FREEIF(mSerialNumber); + PR_FREEIF(mCompanyName); } diff --git a/mozilla/caps/src/nsCodebasePrincipal.cpp b/mozilla/caps/src/nsCodebasePrincipal.cpp index 47a38fe7360..d95ba351c86 100644 --- a/mozilla/caps/src/nsCodebasePrincipal.cpp +++ b/mozilla/caps/src/nsCodebasePrincipal.cpp @@ -19,7 +19,6 @@ * * Contributor(s): * Norris Boyd - * Mitch Stoltz */ /* Describes principals by their orginating uris */ @@ -63,20 +62,6 @@ nsCodebasePrincipal::ToUserVisibleString(char **result) return GetOrigin(result); } -NS_IMETHODIMP -nsCodebasePrincipal::ToStreamableForm(char** aName, char** aData) -{ - if (!mPrefName) { - nsCAutoString s("security.principal.codebase"); - s += mCapabilitiesOrdinal++; - mPrefName = s.ToNewCString(); - } - *aName = nsCRT::strdup(mPrefName); - if (!*aName) - return NS_ERROR_FAILURE; - return nsBasePrincipal::ToStreamableForm(aName, aData); -} - NS_IMETHODIMP nsCodebasePrincipal::HashValue(PRUint32 *result) { 
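Review bot: Every structural check in the new nsCertificatePrincipal::InitFromPersistent is an `NS_ASSERTION`, which is normally compiled out of non-debug builds, so a `security.principal.*` value missing the expected space or `]` leaves `data`/`wordEnd` null and the following `data += 1` and `*wordEnd = '\0'` dereference it — a corrupt or hand-edited prefs file crashes at startup instead of being rejected. The same hunk calls `Init(issuer, serial, nsnull)` while Init returns NS_ERROR_OUT_OF_MEMORY when `mCompanyName` is null, so, assuming nsCRT::strdup of a null pointer yields null, every persisted certificate principal fails to load. Separately, the issuer is terminated at the first space, but ToString in the previous hunk writes mIssuerName verbatim, so an issuer name containing a space will not round-trip. Each missing delimiter should return an error, and the Init mismatch needs either an empty-string company name here or an Init that tolerates null.
```cpp
    data = PL_strchr(data, ' ');                // Jump to issuer
    if (!data)
        return NS_ERROR_ILLEGAL_VALUE;          // malformed security.principal pref
    data += 1;

    char* wordEnd = PL_strchr(data, ' ');       // Find end of issuer
    if (!wordEnd)
        return NS_ERROR_ILLEGAL_VALUE;
    *wordEnd = '\0';
    const char* issuer = data;

    data = wordEnd+1;                           // Jump to serial#
    wordEnd = PL_strchr(data, ']');             // Find end of serial#
    if (!wordEnd)
        return NS_ERROR_ILLEGAL_VALUE;
    // … unchanged: terminate serial#, Init(), capabilities tail …
```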
@@ -270,30 +255,28 @@ nsresult nsCodebasePrincipal::InitFromPersistent(const char *name, const char* data) { // Parses preference strings of the form - // "" - // ie. "http://www.mozilla.org UniversalBrowserRead=Granted" + // "[Codebase URL] capabilities string" + // ie. "[Codebase http://www.mozilla.org] UniversalBrowserRead=1" if (!data) return NS_ERROR_ILLEGAL_VALUE; - char* urlEnd = PL_strchr(data, ' '); // Find end of URL - if (urlEnd) - *urlEnd = '\0'; + data = PL_strchr(data, ' '); // Jump to URL + if (!data) + return NS_ERROR_FAILURE; + data += 1; - nsCOMPtr uri; - if (NS_FAILED(NS_NewURI(getter_AddRefs(uri), data, nsnull))) { + char* urlEnd = PL_strchr(data, ']'); // Find end of URL + NS_ASSERTION(urlEnd, "Malformed security.principal preference."); + *urlEnd = '\0'; // XXX modification of const char * + + if (NS_FAILED(NS_NewURI(&mURI, data, nsnull))) { NS_ASSERTION(PR_FALSE, "Malformed URI in security.principal preference."); return NS_ERROR_FAILURE; } - if (NS_FAILED(Init(uri))) return NS_ERROR_FAILURE; - if (urlEnd) - { - // Jump to beginning of capabilities list - data = urlEnd+1; - while (*data == ' ') - data++; - if (data) - return nsBasePrincipal::InitFromPersistent(name, data); + if (urlEnd[1] != '\0') { + data = urlEnd+2; // Jump to beginning of caps data + return nsBasePrincipal::InitFromPersistent(name, data); } return NS_OK; } diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp index 90b3250bbad..04f8e2107a2 100644 --- a/mozilla/caps/src/nsScriptSecurityManager.cpp +++ b/mozilla/caps/src/nsScriptSecurityManager.cpp @@ -52,10 +52,6 @@ #include "nsIIOService.h" #include "nsIStringBundle.h" #include "nsINetSupportDialogService.h" -#include "nsNetUtil.h" -#include "nsSpecialSystemDirectory.h" -#include "nsIFile.h" -#include "nsIZipReader.h" static NS_DEFINE_CID(kNetSupportDialogCID, NS_NETSUPPORTDIALOG_CID); static NS_DEFINE_IID(kIIOServiceIID, NS_IIOSERVICE_IID); 
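Review bot: `NS_ASSERTION(urlEnd, ...)` is the only check before `*urlEnd = '\0';` in nsCodebasePrincipal::InitFromPersistent, and assertions are generally compiled out of release builds, so a `security.principal.*` pref lacking the closing `]` writes through a null pointer; the preceding `data = PL_strchr(data, ' ')` in the same hunk already handles its failure with `if (!data) return NS_ERROR_FAILURE;`. Add `if (!urlEnd) return NS_ERROR_FAILURE;` and keep the assertion for debug builds. The write also mutates the caller's buffer through a `const char*` (the XXX comment acknowledges it); copying the URL into an `nsCAutoString` before calling NS_NewURI would stop the parser depending on the pref service handing out a writable string.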
@@ -65,7 +61,6 @@ static NS_DEFINE_IID(kStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID); static NS_DEFINE_CID(kPrefServiceCID, NS_PREF_CID); static NS_DEFINE_CID(kCScriptNameSetRegistryCID, NS_SCRIPT_NAMESET_REGISTRY_CID); -static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID); enum { SCRIPT_SECURITY_UNDEFINED_ACCESS, @@ -136,9 +131,9 @@ nsSecurityNameSet::~nsSecurityNameSet() NS_IMPL_ISUPPORTS(nsSecurityNameSet, NS_GET_IID(nsIScriptExternalNameSet)); static char * -getStringArgument(JSContext *cx, JSObject *obj, PRUint16 argNum, uintN argc, jsval *argv) +getStringArgument(JSContext *cx, JSObject *obj, uintN argc, jsval *argv) { - if (argc <= argNum || !JSVAL_IS_STRING(argv[argNum])) { + if (argc == 0 || !JSVAL_IS_STRING(argv[0])) { JS_ReportError(cx, "String argument expected"); return nsnull; } @@ -146,7 +141,7 @@ getStringArgument(JSContext *cx, JSObject *obj, PRUint16 argNum, uintN argc, jsv * We don't want to use JS_ValueToString because we want to be able * to have an object to represent a target in subsequent versions. */ - JSString *str = JSVAL_TO_STRING(argv[argNum]); + JSString *str = JSVAL_TO_STRING(argv[0]); if (!str) return nsnull; @@ -158,7 +153,7 @@ netscape_security_isPrivilegeEnabled(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval) { JSBool result = JS_FALSE; - char *cap = getStringArgument(cx, obj, 0, argc, argv); + char *cap = getStringArgument(cx, obj, argc, argv); if (cap) { nsresult rv; NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, @@ -179,7 +174,7 @@ PR_STATIC_CALLBACK(JSBool) netscape_security_enablePrivilege(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval) { - char *cap = getStringArgument(cx, obj, 0, argc, argv); + char *cap = getStringArgument(cx, obj, argc, argv); if (!cap) return JS_FALSE; nsresult rv; 
@@ -197,7 +192,7 @@ PR_STATIC_CALLBACK(JSBool) netscape_security_disablePrivilege(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval) { - char *cap = getStringArgument(cx, obj, 0, argc, argv); + char *cap = getStringArgument(cx, obj, argc, argv); if (!cap) return JS_FALSE; nsresult rv; @@ -215,7 +210,7 @@ PR_STATIC_CALLBACK(JSBool) netscape_security_revertPrivilege(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval) { - char *cap = getStringArgument(cx, obj, 0, argc, argv); + char *cap = getStringArgument(cx, obj, argc, argv); if (!cap) return JS_FALSE; nsresult rv; 
@@ -229,55 +224,11 @@ netscape_security_revertPrivilege(JSContext *cx, JSObject *obj, uintN argc, return JS_TRUE; } -PR_STATIC_CALLBACK(JSBool) -netscape_security_setCanEnablePrivilege(JSContext *cx, JSObject *obj, uintN argc, - jsval *argv, jsval *rval) -{ - if (argc < 2) return JS_FALSE; - char *principalID = getStringArgument(cx, obj, 0, argc, argv); - char *cap = getStringArgument(cx, obj, 1, argc, argv); - if (!principalID || !cap) - return JS_FALSE; - nsresult rv; - NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, - NS_SCRIPTSECURITYMANAGER_PROGID, &rv); - if (NS_FAILED(rv)) - return JS_FALSE; - NS_ASSERTION(cx == GetCurrentContext(), "unexpected context"); - if (NS_FAILED(securityManager->SetCanEnableCapability(principalID, cap, - nsIPrincipal::ENABLE_GRANTED))) - return JS_FALSE; - return JS_TRUE; -} - -PR_STATIC_CALLBACK(JSBool) -netscape_security_invalidate(JSContext *cx, JSObject *obj, uintN argc, - jsval *argv, jsval *rval) -{ - char *principalID = getStringArgument(cx, obj, 0, argc, argv); - if (!principalID) - return JS_FALSE; - nsresult rv; - NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, - NS_SCRIPTSECURITYMANAGER_PROGID, &rv); - if (NS_FAILED(rv)) - return JS_FALSE; - NS_ASSERTION(cx == GetCurrentContext(), "unexpected context"); - if (NS_FAILED(securityManager->SetCanEnableCapability(principalID, - nsBasePrincipal::Invalid, - nsIPrincipal::ENABLE_GRANTED))) - return JS_FALSE; - return JS_TRUE; -} - static JSFunctionSpec PrivilegeManager_static_methods[] = { { "isPrivilegeEnabled", netscape_security_isPrivilegeEnabled, 1}, { "enablePrivilege", netscape_security_enablePrivilege, 1}, { "disablePrivilege", netscape_security_disablePrivilege, 1}, { "revertPrivilege", netscape_security_revertPrivilege, 1}, - //-- System Cert Functions - { "setCanEnablePrivilege", netscape_security_setCanEnablePrivilege, 2}, - { "invalidate", netscape_security_invalidate, 1}, {0} }; 
@@ -594,7 +545,9 @@ nsScriptSecurityManager::GetSystemPrincipal(nsIPrincipal **result) } NS_IMETHODIMP -nsScriptSecurityManager::GetCertificatePrincipal(const char* aCertID, +nsScriptSecurityManager::GetCertificatePrincipal(const char* aIssuerName, + const char* aSerialNumber, + const char* aCompanyName, nsIPrincipal **result) { nsresult rv; @@ -603,7 +556,7 @@ nsScriptSecurityManager::GetCertificatePrincipal(const char* aCertID, if (!certificate) return NS_ERROR_OUT_OF_MEMORY; NS_ADDREF(certificate); - if (NS_FAILED(certificate->Init(aCertID))) + if (NS_FAILED(certificate->Init(aIssuerName, aSerialNumber, aCompanyName))) { NS_RELEASE(certificate); return NS_ERROR_FAILURE; @@ -803,14 +756,6 @@ nsScriptSecurityManager::IsCapabilityEnabled(const char *capability, *result = PR_TRUE; return NS_OK; } - // If this capability check is being called as a result of the security - // manager accessing a security preference, allow execution. - if (mIsAccessingPrefs && - (PL_strcmp(capability, "SecurityPreferencesAccess") == 0)) - { - *result = PR_TRUE; - return NS_OK; - } do { nsCOMPtr principal; if (NS_FAILED(GetFramePrincipal(cx, fp, getter_AddRefs(principal)))) { @@ -1033,7 +978,18 @@ nsScriptSecurityManager::EnableCapability(const char *capability) //-- Save principal to prefs and to mPrincipals if (NS_FAILED(principal->SetCanEnableCapability(capability, canEnable))) return NS_ERROR_FAILURE; - if (NS_FAILED(SavePrincipal(principal))) + if (!mPrincipals) { + mPrincipals = new nsSupportsHashtable(31); + if (!mPrincipals) + return NS_ERROR_OUT_OF_MEMORY; + } + mIsWritingPrefs = PR_TRUE; + if (NS_FAILED(principal->Save(mPrincipals, mPrefs))) { + mIsWritingPrefs = PR_FALSE; + return NS_ERROR_FAILURE; + } + mIsWritingPrefs = PR_FALSE; + if (NS_FAILED(mPrefs->SavePrefFile())) return NS_ERROR_FAILURE; } } 
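Review bot: The inlined save path dereferences `mPrefs` twice (`principal->Save(mPrincipals, mPrefs)` and `mPrefs->SavePrefFile()`) without the `NS_ASSERTION(mPrefs, "nsScriptSecurityManager::mPrefs not initialized")` that the removed SavePrincipal carried, so if mPrefs can be null here the failure becomes a bare null dereference instead of a diagnosable assertion; `NS_ASSERTION(mPrefs, "nsScriptSecurityManager::mPrefs not initialized"); if (!mPrefs) return NS_ERROR_NOT_INITIALIZED;` before `mIsWritingPrefs = PR_TRUE;` restores the guard. `mIsWritingPrefs` is also set and cleared by hand on two separate exit paths, which is easy to unbalance when another early return is added later; a small scoped setter object would keep the flag honest. Note as well that `SetCanEnableCapability` has already succeeded when `Save` fails, so the in-memory grant outlives a failed persist — a one-line comment stating that this is acceptable (or reverting the grant) would remove the ambiguity. EnableCapability begins outside the hunk.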
@@ -1082,64 +1038,6 @@ nsScriptSecurityManager::DisableCapability(const char *capability) return NS_OK; } -NS_IMETHODIMP -nsScriptSecurityManager::SetCanEnableCapability(const char* certificateID, - const char* capability, - PRInt16 canEnable) -{ - nsresult rv; - nsCOMPtr subjectPrincipal; - rv = GetSubjectPrincipal(getter_AddRefs(subjectPrincipal)); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - - //-- Get the system certificate - if (!mSystemCertificate) - { - nsCOMPtr systemCertFile; - rv = NS_GetSpecialDirectory("xpcom.currentProcess.componentDirectory", - getter_AddRefs(systemCertFile)); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - systemCertFile->Append("systemSignature.jar"); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - nsCOMPtr systemCertJar; - rv = nsComponentManager::CreateInstance(kZipReaderCID, nsnull, - NS_GET_IID(nsIZipReader), - getter_AddRefs(systemCertJar)); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - systemCertJar->Init(systemCertFile); - rv = systemCertJar->Open(); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - rv = systemCertJar->GetCertificatePrincipal(nsnull, - getter_AddRefs(mSystemCertificate)); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - } - - //-- Make sure the caller's principal is the system certificate - PRBool isEqual = PR_FALSE; - if (mSystemCertificate) - { - rv = mSystemCertificate->Equals(subjectPrincipal, &isEqual); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - } - if (!isEqual) - { - JSContext* cx = GetCurrentContext(); - if (!cx) return NS_ERROR_FAILURE; - static const char msg1[] = "Only code signed by the system certificate may call SetCanEnableCapability or Invalidate"; - static const char msg2[] = "Attempt to call SetCanEnableCapability or Invalidate when no system certificate has been established"; - JS_SetPendingException(cx, STRING_TO_JSVAL(JS_NewStringCopyZ(cx, - mSystemCertificate ? 
msg1 : msg2))); - return NS_ERROR_FAILURE; - } - - //-- Get the target principal - nsCOMPtr objectPrincipal; - rv = GetCertificatePrincipal(certificateID, getter_AddRefs(objectPrincipal)); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - rv = objectPrincipal->SetCanEnableCapability(capability, canEnable); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - return SavePrincipal(objectPrincipal); -} //////////////////////////////////////////////// // Methods implementing nsIXPCSecurityManager // @@ -1211,7 +1109,7 @@ nsScriptSecurityManager::nsScriptSecurityManager(void) mSystemPrincipal(nsnull), mPrincipals(nsnull), mIsJavaScriptEnabled(PR_FALSE), mIsMailJavaScriptEnabled(PR_FALSE), - mIsAccessingPrefs(PR_FALSE) + mIsWritingPrefs(PR_FALSE) { NS_INIT_REFCNT(); memset(hasPolicyVector, 0, sizeof(hasPolicyVector)); 
@@ -1298,40 +1196,6 @@ nsScriptSecurityManager::GetObjectPrincipal(JSContext *aCx, JSObject *aObj, return NS_ERROR_FAILURE; } -NS_IMETHODIMP -nsScriptSecurityManager::SavePrincipal(nsIPrincipal* aToSave) -{ - NS_ASSERTION(mPrefs, "nsScriptSecurityManager::mPrefs not initialized"); - nsresult rv; - nsCOMPtr persistent = aToSave; - nsCOMPtr aggregate = do_QueryInterface(aToSave, &rv); - if (NS_SUCCEEDED(rv)) - if (NS_FAILED(aggregate->GetPrimaryChild(getter_AddRefs(persistent)))) - return NS_ERROR_FAILURE; - - //-- Save to mPrincipals - if (!mPrincipals) - { - mPrincipals = new nsSupportsHashtable(31); - if (!mPrincipals) - return NS_ERROR_OUT_OF_MEMORY; - } - nsIPrincipalKey key(persistent); - mPrincipals->Put(&key, persistent); - - //-- Save to prefs - nsXPIDLCString prefName; - nsXPIDLCString prefData; - rv = persistent->ToStreamableForm(getter_Copies(prefName), - getter_Copies(prefData)); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - mIsAccessingPrefs = PR_TRUE; - rv = mPrefs->SetCharPref(prefName, prefData); - mIsAccessingPrefs = PR_FALSE; - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - return mPrefs->SavePrefFile(); -} - NS_IMETHODIMP nsScriptSecurityManager::CheckPermissions(JSContext *aCx, JSObject *aObj, const char *aCapability) @@ -1405,9 +1269,7 @@ nsScriptSecurityManager::GetSecurityLevel(nsIPrincipal *principal, PRInt32 secLevel; char *secLevelString; nsresult rv; - mIsAccessingPrefs = PR_TRUE; rv = mPrefs->CopyCharPref(prefName, &secLevelString); - mIsAccessingPrefs = PR_FALSE; if (NS_FAILED(rv)) { prefName += (isWrite ? ".write" : ".read"); rv = mPrefs->CopyCharPref(prefName, &secLevelString); @@ -1432,6 +1294,7 @@ nsScriptSecurityManager::GetSecurityLevel(nsIPrincipal *principal, return SCRIPT_SECURITY_UNDEFINED_ACCESS; } + NS_IMETHODIMP nsScriptSecurityManager::CheckXPCPermissions(JSContext *aJSContext) { 
@@ -1488,6 +1351,7 @@ struct nsDomainEntry { nsCString mPolicy; }; + NS_IMETHODIMP nsScriptSecurityManager::GetPrefName(nsIPrincipal *principal, nsDOMProp domProp, nsCString &result) @@ -1699,11 +1563,19 @@ nsScriptSecurityManager::EnumeratePrincipalsCallback(const char *prefName, if (NS_FAILED(info->prefs->CopyCharPref(prefName, &data))) return; - static const char certificateName[] = "security.principal.certificate"; - static const char codebaseName[] = "security.principal.codebase"; + static char codebaseName[] = "[Codebase "; + static char certificateName[] = "[Certificate "; nsCOMPtr principal; - if (PL_strncmp(prefName, certificateName, - sizeof(certificateName)-1) == 0) + if (PL_strncasecmp(data, codebaseName, sizeof(codebaseName)-1) == 0) { + nsCodebasePrincipal *codebase = new nsCodebasePrincipal(); + if (codebase) { + NS_ADDREF(codebase); + if (NS_SUCCEEDED(codebase->InitFromPersistent(prefName, data))) + principal = do_QueryInterface((nsBasePrincipal*)codebase); + NS_RELEASE(codebase); + } + } else if (PL_strncasecmp(data, certificateName, + sizeof(certificateName)-1) == 0) { nsCertificatePrincipal *certificate = new nsCertificatePrincipal(); if (certificate) { @@ -1712,16 +1584,6 @@ nsScriptSecurityManager::EnumeratePrincipalsCallback(const char *prefName, principal = do_QueryInterface((nsBasePrincipal*)certificate); NS_RELEASE(certificate); } - } else if(PL_strncmp(prefName, codebaseName, - sizeof(codebaseName)-1) == 0) - { - nsCodebasePrincipal *codebase = new nsCodebasePrincipal(); - if (codebase) { - NS_ADDREF(codebase); - if (NS_SUCCEEDED(codebase->InitFromPersistent(prefName, data))) - principal = do_QueryInterface((nsBasePrincipal*)codebase); - NS_RELEASE(codebase); - } } nsCRT::free(data); if (principal) { 
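Review bot: `static char codebaseName[]` and `static char certificateName[]` drop the `const` that the declarations they replace had; both are only read by `PL_strncasecmp`, so `static const char codebaseName[] = "[Codebase ";` and `static const char certificateName[] = "[Certificate ";` are the right form and keep the tags out of writable process state. The dispatch now keys on the persisted value (`data`) rather than on the pref name, and does so case-insensitively; a comment noting that the leading `[Codebase `/`[Certificate ` tag is the persisted form written by the principals' Save methods would help the next reader, if that is indeed its origin (not visible here). When neither tag matches, `principal` stays null and the entry is dropped without a trace after `nsCRT::free(data)`; an `NS_WARNING` on that path would make a malformed persisted principal visible during development. The second hunk in this file section (`@@ -1712,16 +1584,6 @@`) is the matching removal of the old name-based codebase branch.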
@@ -1759,7 +1621,7 @@ int nsScriptSecurityManager::PrincipalPrefChanged(const char *pref, void *data) { nsScriptSecurityManager *secMgr = (nsScriptSecurityManager *) data; - if (secMgr->mIsAccessingPrefs) + if (secMgr->mIsWritingPrefs) return 0; EnumeratePrincipalsInfo info; info.ht = secMgr->mPrincipals; diff --git a/mozilla/caps/src/nsSystemPrincipal.cpp b/mozilla/caps/src/nsSystemPrincipal.cpp index 89954c60c69..a894dfa0c18 100644 --- a/mozilla/caps/src/nsSystemPrincipal.cpp +++ b/mozilla/caps/src/nsSystemPrincipal.cpp @@ -44,6 +44,7 @@ NSBASEPRINCIPALS_RELEASE(nsSystemPrincipal); NS_IMETHODIMP nsSystemPrincipal::ToString(char **result) { + // STRING USE WARNING: perhaps |buf| should be an |nsCAutoString|? -- scc nsAutoString buf; buf.AssignWithConversion("[System]"); @@ -57,13 +58,6 @@ nsSystemPrincipal::ToUserVisibleString(char **result) return ToString(result); } -NS_IMETHODIMP -nsSystemPrincipal::ToStreamambleForm(char** aName, char** aData) -{ - // The system principal should never be streamed out - return NS_ERROR_FAILURE; -} - NS_IMETHODIMP nsSystemPrincipal::Equals(nsIPrincipal *other, PRBool *result) { @@ -123,6 +117,14 @@ nsSystemPrincipal::DisableCapability(const char *capability, void **annotation) return NS_ERROR_FAILURE; } +NS_IMETHODIMP +nsSystemPrincipal::Save(nsSupportsHashtable* aPrincipals, nsIPref* prefs) +{ + // The system principal should never be streamed out + return NS_ERROR_FAILURE; +} + + ///////////////////////////////////////////// // Constructor, Destructor, initialization // ///////////////////////////////////////////// diff --git a/mozilla/content/html/document/src/nsHTMLContentSink.cpp b/mozilla/content/html/document/src/nsHTMLContentSink.cpp index 082f0c06273..4d750824fd5 100644 --- a/mozilla/content/html/document/src/nsHTMLContentSink.cpp +++ b/mozilla/content/html/document/src/nsHTMLContentSink.cpp 
@@ -4435,14 +4435,13 @@ HTMLContentSink::OnStreamComplete(nsIStreamLoader* aLoader, //-- Merge the principal of the script file with that of the document nsCOMPtr owner; aLoader->GetOwner(getter_AddRefs(owner)); - nsCOMPtr prin; if (owner) { - prin = do_QueryInterface(owner, &rv); + nsCOMPtr prin = do_QueryInterface(owner, &rv); + if (NS_FAILED(rv)) return rv; + rv = mDocument->AddPrincipal(prin); if (NS_FAILED(rv)) return rv; } - rv = mDocument->AddPrincipal(prin); - if (NS_FAILED(rv)) return rv; rv = EvaluateScript(jsUnicodeBuffer, mScriptURI, 1, mScriptLanguageVersion); if (NS_FAILED(rv)) return rv; diff --git a/mozilla/extensions/psm-glue/src/nsPSMComponent.cpp b/mozilla/extensions/psm-glue/src/nsPSMComponent.cpp index 0052e6ffa5e..a61a5b1d864 100644 --- a/mozilla/extensions/psm-glue/src/nsPSMComponent.cpp +++ b/mozilla/extensions/psm-glue/src/nsPSMComponent.cpp @@ -49,7 +49,6 @@ #include "nsISecureBrowserUI.h" #include "nsIDocumentLoaderObserver.h" #include "nsIScriptSecurityManager.h" -#include "nsICertificatePrincipal.h" #define PSM_VERSION_REG_KEY "/Netscape/Personal Security Manager" 
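Review bot: With `AddPrincipal` moved inside `if (owner)`, a loader that reports no owner now falls straight through to `EvaluateScript`, so the script runs against the document's existing principals unchanged, whereas before the null `prin` still reached `AddPrincipal`. If that is the intended behaviour for owner-less loads, a comment on the `if (owner)` line such as `// No owner: the script inherits the document's principals unchanged` would record it; if it is not, the no-owner path should fail rather than evaluate. The return value of `aLoader->GetOwner(getter_AddRefs(owner));` on the line above is also still ignored. The identical hunk appears again in the duplicated `mozilla/layout/html/document/src/nsHTMLContentSink.cpp` section further down. OnStreamComplete starts and ends outside the hunk.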
@@ -746,57 +745,29 @@ nsPSMComponent::CreatePrincipalFromCert(PRUint32 aCertID, nsIPrincipal** aPrinci if (NS_FAILED(GetControlConnection( &controlConnection ))) return NS_ERROR_FAILURE; - //-- Read cert ID + //-- Read cert info CMTStatus result; - - CMTItem fingerprint; + CMTItem issuerItem; result = CMT_GetStringAttribute(controlConnection, aCertID, - SSM_FID_CERT_FINGERPRINT, &fingerprint); + SSM_FID_CERT_COMMON_NAME, &issuerItem); if (result != CMTSuccess) return NS_ERROR_FAILURE; - + CMTItemStr serialNumberItem; + result = CMT_GetStringAttribute(controlConnection, aCertID, + SSM_FID_CERT_SERIAL_NUMBER, &serialNumberItem); + if (result != CMTSuccess) return NS_ERROR_FAILURE; + CMTItemStr companyNameItem; + result = CMT_GetStringAttribute(controlConnection, aCertID, + SSM_FID_CERT_ORG_NAME, &companyNameItem); + if (result != CMTSuccess) return NS_ERROR_FAILURE; //-- Get a principal nsresult rv; NS_WITH_SERVICE(nsIScriptSecurityManager, secMan, NS_SCRIPTSECURITYMANAGER_PROGID, &rv) if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - rv = secMan->GetCertificatePrincipal((char*)fingerprint.data, + rv = secMan->GetCertificatePrincipal((char*)issuerItem.data, + (char*)serialNumberItem.data, + (char*)companyNameItem.data, aPrincipal); - if (NS_FAILED(rv)) return rv; - - //-- Get common name and store it in the principal. 
- // Using common name + organizational unit as the user-visible certificate name - nsCOMPtr certificate = do_QueryInterface(*aPrincipal, &rv); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - - CMTItem common; - result = CMT_GetStringAttribute(controlConnection, aCertID, - SSM_FID_CERT_COMMON_NAME, &common); - if (result != CMTSuccess) return NS_ERROR_FAILURE; - CMTItem subject; - result = CMT_GetStringAttribute(controlConnection, aCertID, - SSM_FID_CERT_SUBJECT_NAME, &subject); - if (result != CMTSuccess) return NS_ERROR_FAILURE; - - nsCAutoString commonName; - commonName = (char*)common.data; - static const char orgUnitTag[] = " OU="; - char* orgUnitPos = PL_strstr((char*)subject.data, orgUnitTag); - if (orgUnitPos) - { - orgUnitPos += sizeof(orgUnitTag)-1; - char* orgUnitEnd = PL_strchr(orgUnitPos, ','); - PRInt32 orgUnitLen; - if(orgUnitEnd) - orgUnitLen = orgUnitEnd - orgUnitPos; - else - orgUnitLen = PL_strlen(orgUnitPos); - commonName.Append(' '); - commonName.Append(orgUnitPos, orgUnitLen); - } - char* commonChar = commonName.ToNewCString(); - if (!commonChar) return NS_ERROR_OUT_OF_MEMORY; - rv = certificate->SetCommonName(commonChar); - Recycle(commonChar); return rv; } diff --git a/mozilla/layout/html/document/src/nsHTMLContentSink.cpp b/mozilla/layout/html/document/src/nsHTMLContentSink.cpp index 082f0c06273..4d750824fd5 100644 --- a/mozilla/layout/html/document/src/nsHTMLContentSink.cpp +++ b/mozilla/layout/html/document/src/nsHTMLContentSink.cpp 
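Review bot: The first attribute is fetched with `SSM_FID_CERT_COMMON_NAME` but stored in `issuerItem` and passed as the `aIssuerName` argument of `GetCertificatePrincipal`, so the principal is keyed on the certificate's common name rather than its issuer; serial numbers are only unique per issuer, so two certificates from different CAs sharing a CN and serial would collapse into one principal. If an issuer-name attribute exists in the SSM_FID_* set it should be used here; otherwise the variable and parameter should be renamed to say what they actually carry. The three items also mix types (`CMTItem` for the first, `CMTItemStr` for the other two), and within the visible lines none of the `.data` buffers is released on either the early-return or the success path, as was already the case in the code being replaced. CreatePrincipalFromCert starts outside the hunk.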
@@ -4435,14 +4435,13 @@ HTMLContentSink::OnStreamComplete(nsIStreamLoader* aLoader, //-- Merge the principal of the script file with that of the document nsCOMPtr owner; aLoader->GetOwner(getter_AddRefs(owner)); - nsCOMPtr prin; if (owner) { - prin = do_QueryInterface(owner, &rv); + nsCOMPtr prin = do_QueryInterface(owner, &rv); + if (NS_FAILED(rv)) return rv; + rv = mDocument->AddPrincipal(prin); if (NS_FAILED(rv)) return rv; } - rv = mDocument->AddPrincipal(prin); - if (NS_FAILED(rv)) return rv; rv = EvaluateScript(jsUnicodeBuffer, mScriptURI, 1, mScriptLanguageVersion); if (NS_FAILED(rv)) return rv; diff --git a/mozilla/modules/libjar/nsIZipReader.idl b/mozilla/modules/libjar/nsIZipReader.idl index 043c608b124..743b993b4fc 100644 --- a/mozilla/modules/libjar/nsIZipReader.idl +++ b/mozilla/modules/libjar/nsIZipReader.idl @@ -99,7 +99,8 @@ interface nsIZipReader : nsISupports * stored in the jar, verifyExternalFile (not yet implemented) must * be called before getPrincipal. */ - void getCertificatePrincipal(in string aEntryName, out nsIPrincipal aPrincipal); + void getCertificatePrincipal(in string aEntryName, out nsIPrincipal aPrincipal, + out short result); }; //////////////////////////////////////////////////////////////////////////////// diff --git a/mozilla/modules/libjar/nsJAR.cpp b/mozilla/modules/libjar/nsJAR.cpp index 0ba8005d93d..d9357881db0 100644 --- a/mozilla/modules/libjar/nsJAR.cpp +++ b/mozilla/modules/libjar/nsJAR.cpp @@ -25,13 +25,13 @@ * Pierre Phaneuf */ #include +#include "nsIPrincipal.h" #include "nsILocalFile.h" #include "nsJARInputStream.h" #include "nsJAR.h" #include "nsXPIDLString.h" #include "nsIServiceManager.h" #include "plbase64.h" -#include "nsIConsoleService.h" #ifndef XP_MAC #include "nsIPSMComponent.h" 
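Review bot: The new `out short result` parameter of `getCertificatePrincipal` is not described by the comment block above it, which still only says that verification must happen before the call. A sentence such as `result receives the entry's verification status (one of the nsIZipReader status constants, e.g. NOT_SIGNED or VALID); aPrincipal is set only when the status is VALID` would document the contract the nsJAR.cpp implementation in this diff actually follows.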
@@ -105,6 +105,9 @@ class nsJARManifestItem public: JARManifestItemType mType; + // the entity which signed this item + nsCOMPtr mPrincipal; + // True if the second step of verification (VerifyEntry) // has taken place: PRBool step2Complete; @@ -149,9 +152,9 @@ DeleteManifestEntry(nsHashKey* aKey, void* aData, void* closure) return PR_TRUE; } -// The following initialization makes a guess of 10 entries per jarfile. -nsJAR::nsJAR(): mManifestData(nsnull, nsnull, DeleteManifestEntry, nsnull, 10), - mParsedManifest(PR_FALSE), mGlobalStatus(nsIZipReader::NOT_SIGNED) +// The following initialization makes a guess of 25 entries per jarfile. +nsJAR::nsJAR(): mManifestData(nsnull, nsnull, DeleteManifestEntry, nsnull, 25), + mParsedManifest(PR_FALSE) { NS_INIT_REFCNT(); } 
@@ -295,54 +298,137 @@ nsJAR::GetInputStream(const char *aFilename, nsIInputStream **result) return CreateInputStream(aFilename, PR_TRUE, result); } +//-- The following #defines are used by ParseManifest() +// and ParseOneFile(). The header strings are defined in the JAR specification. +#define JAR_MF 1 +#define JAR_SF 2 +#define JAR_MF_SEARCH_STRING "(M|/M)ETA-INF/(M|m)(ANIFEST|anifest).(MF|mf)$" +#define JAR_SF_SEARCH_STRING "(M|/M)ETA-INF/*.(SF|sf)$" +#define JAR_MF_HEADER (const char*)"Manifest-Version: 1.0" +#define JAR_SF_HEADER (const char*)"Signature-Version: 1.0" + +nsresult +nsJAR::ParseManifest() +{ +#ifdef XP_MAC +return NS_OK; +#else + //-- Verification Step 1 + if (mParsedManifest) + return NS_OK; + mParsedManifest = PR_TRUE; + + //-- (1)Manifest (MF) file + nsresult rv; + nsCOMPtr files; + rv = FindEntries(JAR_MF_SEARCH_STRING, getter_AddRefs(files)); + if (!files) rv = NS_ERROR_FAILURE; + if (NS_FAILED(rv)) return rv; + + //-- Load the file into memory + nsCOMPtr file; + rv = files->GetNext(getter_AddRefs(file)); + if (NS_FAILED(rv) || !file) return rv; + PRBool more; + rv = files->HasMoreElements(&more); + if (NS_FAILED(rv)) return rv; + if (more) return NS_ERROR_FILE_CORRUPTED; // More than one MF file + nsXPIDLCString manifestFilename; + rv = file->GetName(getter_Copies(manifestFilename)); + if (!manifestFilename || NS_FAILED(rv)) return rv; + nsXPIDLCString manifestBuffer; + rv = LoadEntry(manifestFilename, getter_Copies(manifestBuffer)); + if (NS_FAILED(rv)) return rv; + + //-- Parse it + rv = ParseOneFile(manifestBuffer, JAR_MF, nsnull, 0); + if (NS_FAILED(rv)) return rv; + DumpMetadata("PM Pass 1 End"); + + //-- (2)Signature (SF) file + // If there are multiple signatures, we select one at random. 
+ rv = FindEntries(JAR_SF_SEARCH_STRING, getter_AddRefs(files)); + if (!files) rv = NS_ERROR_FAILURE; + if (NS_FAILED(rv)) return rv; + //-- Get an SF file + rv = files->GetNext(getter_AddRefs(file)); + if (NS_FAILED(rv) || !file) return rv; + rv = file->GetName(getter_Copies(manifestFilename)); + if (NS_FAILED(rv)) return rv; + + PRUint32 manifestLen; + rv = LoadEntry(manifestFilename, getter_Copies(manifestBuffer), &manifestLen); + if (NS_FAILED(rv)) return rv; + + //-- Get its corresponding signature file + nsCAutoString sigFilename; + sigFilename = manifestFilename; + PRInt32 extension = sigFilename.RFindChar('.') + 1; + NS_ASSERTION(extension != 0, "Manifest Parser: Missing file extension."); + (void)sigFilename.Cut(extension, 2); + nsXPIDLCString sigBuffer; + PRUint32 sigLen; + rv = LoadEntry(sigFilename+"rsa", getter_Copies(sigBuffer), &sigLen); + if (NS_FAILED(rv)) + rv = LoadEntry(sigFilename+"RSA", getter_Copies(sigBuffer), &sigLen); + if (NS_FAILED(rv)) + rv = LoadEntry(sigFilename+"dsa", getter_Copies(sigBuffer), &sigLen); + if (NS_FAILED(rv)) + rv = LoadEntry(sigFilename+"DSA", getter_Copies(sigBuffer), &sigLen); + if (NS_FAILED(rv)) return rv; + + //-- Verify that the signature file is a valid signature of the SF file + nsCOMPtr principal; + PRInt16 preStatus; + rv = VerifySignature(manifestBuffer, manifestLen, + sigBuffer, sigLen, getter_AddRefs(principal), &preStatus); + if (NS_FAILED(rv)) return rv; + + //-- Parse the SF file. If the verification above failed, principal + // is null, and ParseOneFile will mark the relevant entries as invalid. + // if ParseOneFile fails, then it has no effect, and we can safely + // continue to the next SF file, or return. 
+ ParseOneFile(manifestBuffer, JAR_SF, principal, preStatus); + DumpMetadata("PM Pass 2 End"); + + return NS_OK; + #endif +} + NS_IMETHODIMP -nsJAR::GetCertificatePrincipal(const char* aFilename, nsIPrincipal** aPrincipal) +nsJAR::GetCertificatePrincipal(const char* aFilename, nsIPrincipal** aPrincipal, + PRInt16* result) { #ifdef XP_MAC return NS_ERROR_NOT_IMPLEMENTED; #else //-- Parameter check + if (!aFilename) + return NS_ERROR_ILLEGAL_VALUE; if (!aPrincipal) return NS_ERROR_NULL_POINTER; *aPrincipal = nsnull; DumpMetadata("GetPrincipal"); - if (!mParsedManifest) - ParseManifest(); - - PRInt16 requestedStatus; - if (aFilename) + //-- Find the item + nsStringKey key(aFilename); + nsJARManifestItem* manItem = (nsJARManifestItem*)mManifestData.Get(&key); + if (manItem) + NS_ASSERTION(manItem->step2Complete, + "Attempt to get principal before verifying signature."); + if(!manItem || !manItem->step2Complete) { - //-- Find the item - nsStringKey key(aFilename); - nsJARManifestItem* manItem = (nsJARManifestItem*)mManifestData.Get(&key); - if (!manItem) - { - ReportError(aFilename, nsIZipReader::NOT_SIGNED); - return NS_OK; - } - if (!manItem->step2Complete) - { - //-- Creating an input stream causes step 2 of verification - nsCOMPtr tempStream; - if (NS_FAILED(CreateInputStream(aFilename, PR_TRUE, getter_AddRefs(tempStream)))) - return NS_ERROR_FAILURE; - NS_ASSERTION(manItem->step2Complete, "Verification step 2 is not complete"); - if (!manItem->step2Complete) - return NS_ERROR_FAILURE; - } - requestedStatus = manItem->status; + *result = nsIZipReader::NOT_SIGNED; + return NS_OK; } - else // User wants identity of signer w/o verifying any entries - requestedStatus = mGlobalStatus; - if (requestedStatus != nsIZipReader::VALID) - ReportError(aFilename, requestedStatus); - else // Valid signature + *result = manItem->status; + if (manItem->status == nsIZipReader::VALID) { - *aPrincipal = mPrincipal; + *aPrincipal = manItem->mPrincipal; NS_IF_ADDREF(*aPrincipal); } + 
 return NS_OK;
 #endif
 }
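Review bot: In the new `GetCertificatePrincipal`, `aPrincipal` is null-checked but `result` is written through (`*result = nsIZipReader::NOT_SIGNED;`) with no check at all; add `if (!result) return NS_ERROR_NULL_POINTER;` beside the existing one. The same early return reports `NOT_SIGNED` both for an entry with no manifest item and for one whose step-2 verification has simply not run yet (`!manItem->step2Complete`), so a caller cannot distinguish "unsigned" from "not yet verified"; since the method no longer calls `ParseManifest` or the verifying `CreateInputStream` itself, the header comment should say that the entry must have been read (and thus verified) before this is called. In `ParseManifest`, the comment `If there are multiple signatures, we select one at random.` does not match the code, which takes whatever `files->GetNext` yields first and never looks at the remaining .SF files, so entries signed only by another SF file stay NOT_SIGNED; `// Only the first SF file found is verified; entries signed solely by other SF files remain NOT_SIGNED` would be accurate. `sigFilename.Cut(extension, 2)` also silently assumes a two-character extension.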
@@ -421,99 +507,9 @@ nsJAR::ReadLine(const char** src) return length; } -//-- The following #defines are used by ParseManifest() -// and ParseOneFile(). The header strings are defined in the JAR specification. -#define JAR_MF 1 -#define JAR_SF 2 -#define JAR_MF_SEARCH_STRING "(M|/M)ETA-INF/(M|m)(ANIFEST|anifest).(MF|mf)$" -#define JAR_SF_SEARCH_STRING "(M|/M)ETA-INF/*.(SF|sf)$" -#define JAR_MF_HEADER (const char*)"Manifest-Version: 1.0" -#define JAR_SF_HEADER (const char*)"Signature-Version: 1.0" - nsresult -nsJAR::ParseManifest() -{ -#ifdef XP_MAC -return NS_OK; -#else - //-- Verification Step 1 - if (mParsedManifest) - return NS_OK; - mParsedManifest = PR_TRUE; - - //-- (1)Manifest (MF) file - nsresult rv; - nsCOMPtr files; - rv = FindEntries(JAR_MF_SEARCH_STRING, getter_AddRefs(files)); - if (!files) rv = NS_ERROR_FAILURE; - if (NS_FAILED(rv)) return rv; - - //-- Load the file into memory - nsCOMPtr file; - rv = files->GetNext(getter_AddRefs(file)); - if (NS_FAILED(rv) || !file) return rv; - PRBool more; - rv = files->HasMoreElements(&more); - if (NS_FAILED(rv)) return rv; - if (more) return NS_ERROR_FILE_CORRUPTED; // More than one MF file - nsXPIDLCString manifestFilename; - rv = file->GetName(getter_Copies(manifestFilename)); - if (!manifestFilename || NS_FAILED(rv)) return rv; - nsXPIDLCString manifestBuffer; - rv = LoadEntry(manifestFilename, getter_Copies(manifestBuffer)); - if (NS_FAILED(rv)) return rv; - - //-- Parse it - rv = ParseOneFile(manifestBuffer, JAR_MF); - if (NS_FAILED(rv)) return rv; - DumpMetadata("PM Pass 1 End"); - - //-- (2)Signature (SF) file - // If there are multiple signatures, we select one. 
- rv = FindEntries(JAR_SF_SEARCH_STRING, getter_AddRefs(files)); - if (!files) rv = NS_ERROR_FAILURE; - if (NS_FAILED(rv)) return rv; - //-- Get an SF file - rv = files->GetNext(getter_AddRefs(file)); - if (NS_FAILED(rv) || !file) return rv; - rv = file->GetName(getter_Copies(manifestFilename)); - if (NS_FAILED(rv)) return rv; - - PRUint32 manifestLen; - rv = LoadEntry(manifestFilename, getter_Copies(manifestBuffer), &manifestLen); - if (NS_FAILED(rv)) return rv; - - //-- Get its corresponding signature file - nsCAutoString sigFilename; - sigFilename = manifestFilename; - PRInt32 extension = sigFilename.RFindChar('.') + 1; - NS_ASSERTION(extension != 0, "Manifest Parser: Missing file extension."); - (void)sigFilename.Cut(extension, 2); - nsXPIDLCString sigBuffer; - PRUint32 sigLen; - rv = LoadEntry(sigFilename+"rsa", getter_Copies(sigBuffer), &sigLen); - if (NS_FAILED(rv)) - rv = LoadEntry(sigFilename+"RSA", getter_Copies(sigBuffer), &sigLen); - if (NS_FAILED(rv)) return rv; - - //-- Verify that the signature file is a valid signature of the SF file - rv = VerifySignature(manifestBuffer, manifestLen, - sigBuffer, sigLen, getter_AddRefs(mPrincipal), &mGlobalStatus); - if (NS_FAILED(rv)) return rv; - - //-- Parse the SF file. If the verification above failed, principal - // is null, and ParseOneFile will mark the relevant entries as invalid. - // if ParseOneFile fails, then it has no effect, and we can safely - // continue to the next SF file, or return. - ParseOneFile(manifestBuffer, JAR_SF); - DumpMetadata("PM Pass 2 End"); - - return NS_OK; - #endif -} - -nsresult -nsJAR::ParseOneFile(const char* filebuf, PRInt16 aFileType) +nsJAR::ParseOneFile(const char* filebuf, PRInt16 aFileType, + nsIPrincipal* aPrincipal, PRInt16 aPreStatus) { //-- Check file header const char* nextLineStart = filebuf; 
@@ -604,7 +600,7 @@ nsJAR::ParseOneFile(const char* filebuf, PRInt16 aFileType) { NS_ASSERTION(curItemSF->status == nsJAR::NOT_SIGNED, "SECURITY ERROR: nsJARManifestItem not correctly initialized"); - curItemSF->status = mGlobalStatus; + curItemSF->status = aPreStatus; if (curItemSF->status == nsIZipReader::VALID) { // Compare digests if (storedSectionDigest.Length() == 0) @@ -614,6 +610,8 @@ nsJAR::ParseOneFile(const char* filebuf, PRInt16 aFileType) if (storedSectionDigest != (const char*)curItemSF->calculatedSectionDigest) curItemSF->status = nsIZipReader::INVALID_MANIFEST; + else + curItemSF->mPrincipal = aPrincipal; JAR_NULLFREE(curItemSF->calculatedSectionDigest) storedSectionDigest = ""; } @@ -694,7 +692,9 @@ nsresult nsJAR::VerifyEntry(const char* aEntryName, char* aEntryData, PRUint32 aLen) { -#ifndef XP_MAC +#ifdef XP_MAC + return NS_OK; +#else //-- Verification Step 2 // Check that verification is supported and step 1 has been done @@ -724,6 +724,9 @@ nsJAR::VerifyEntry(const char* aEntryName, char* aEntryData, JAR_NULLFREE(calculatedEntryDigest) JAR_NULLFREE(manItem->storedEntryDigest) } + + if(manItem->status != nsIZipReader::VALID) + manItem->mPrincipal = null_nsCOMPtr(); } manItem->step2Complete = PR_TRUE; 
@@ -732,58 +735,6 @@ nsJAR::VerifyEntry(const char* aEntryName, char* aEntryData, return NS_OK; } -void nsJAR::ReportError(const char* aFilename, PRInt16 errorCode) -{ - //-- Generate error message - nsAutoString message("Signature Verification Error: the signature on "); - if (aFilename) - message += aFilename; - else - message += "this .jar archive"; - message += " is invalid because "; - switch(errorCode) - { - case nsIZipReader::NOT_SIGNED: - message += "the archive did not contain a valid PKCS7 signature."; - break; - case nsIZipReader::INVALID_SIG: - message += "the digital signature (*.RSA) file is not a valid signature of "; - message += "the signature instruction file (*.SF)."; - break; - case nsIZipReader::INVALID_UNKNOWN_CA: - message += "the certificate used to sign this file has an unrecognized issuer."; - break; - case nsIZipReader::INVALID_MANIFEST: - message += "the signature instruction file (*.SF) does not contain a valid hash "; - message += "of the MANIFEST.MF file."; - break; - case nsIZipReader::INVALID_ENTRY: - message += "the MANIFEST.MF file does not contain a valid hash of the file "; - message += "being verified."; - break; - default: - message += "of an unknown problem."; - } - - // Report error in JS console - nsCOMPtr console - (do_GetService("mozilla.consoleservice.1")); - if (console) - { - PRUnichar* messageUni = message.ToNewUnicode(); - if (!messageUni) return; - console->LogStringMessage(messageUni); - nsAllocator::Free(messageUni); - } - else // If JS console reporting failed, print to stderr. - { - char* messageCstr = message.ToNewCString(); - if (!messageCstr) return; - fprintf(stderr, "%s\n", messageCstr); - nsAllocator::Free(messageCstr); - } -} - nsresult nsJAR::RestoreModTime(nsZipItem *aItem, nsIFile *aExtractedFile) { 
@@ -838,7 +789,7 @@ nsresult nsJAR::CalculateDigest(const char* aInBuf, PRUint32 aLen, if (!(*digest)) { PR_FREEIF(rawDigest); return NS_ERROR_OUT_OF_MEMORY; } PR_FREEIF(rawDigest); -#endif + #endif return NS_OK; } diff --git a/mozilla/modules/libjar/nsJAR.h b/mozilla/modules/libjar/nsJAR.h index f9d8681e486..4abd8aa9ba6 100644 --- a/mozilla/modules/libjar/nsJAR.h +++ b/mozilla/modules/libjar/nsJAR.h @@ -49,9 +49,9 @@ #include "nsIZipReader.h" #include "nsZipArchive.h" #include "zipfile.h" -#include "nsIPrincipal.h" class nsIInputStream; +class nsIPrincipal; /*------------------------------------------------------------------------- * Class nsJAR declaration. @@ -79,22 +79,20 @@ class nsJAR : public nsIZipReader protected: //-- Private data members - nsCOMPtr mZipFile; // The zip/jar file on disk - nsZipArchive mZip; // The underlying zip archive - nsObjectHashtable mManifestData; // Stores metadata for each entry + nsCOMPtr mZipFile; // The zip/jar file on disk + nsZipArchive mZip; // The underlying zip archive + nsObjectHashtable mManifestData; // Stores metadata for each entry PRBool mParsedManifest; // True if manifest has been parsed - nsCOMPtr mPrincipal; // The entity which signed this file - PRInt16 mGlobalStatus; // Global signature verification status //-- Private functions nsresult ParseManifest(); - void ReportError(const char* aFilename, PRInt16 errorCode); nsresult CreateInputStream(const char* aFilename, PRBool verify, nsIInputStream** result); nsresult LoadEntry(const char* aFilename, char** aBuf, PRUint32* aBufLen = nsnull); PRInt32 ReadLine(const char** src); - nsresult ParseOneFile(const char* filebuf, PRInt16 aFileType); + nsresult ParseOneFile(const char* filebuf, PRInt16 aFileType, + nsIPrincipal* aPrincipal, PRInt16 aPreStatus); nsresult VerifyEntry(const char* aEntryName, char* aEntryData, PRUint32 aLen); nsresult RestoreModTime(nsZipItem *aItem, nsIFile *aExtractedFile); 
diff --git a/mozilla/modules/libjar/nsJARChannel.cpp b/mozilla/modules/libjar/nsJARChannel.cpp index 89f490985da..3e57776c8d1 100644 --- a/mozilla/modules/libjar/nsJARChannel.cpp +++ b/mozilla/modules/libjar/nsJARChannel.cpp @@ -790,8 +790,10 @@ nsJARChannel::GetOwner(nsISupports* *aOwner) if (!mOwner) { nsCOMPtr certificate; + PRInt16 result; nsresult rv = mJAR->GetCertificatePrincipal(mJAREntry, - getter_AddRefs(certificate)); + getter_AddRefs(certificate), + &result); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; if (certificate) { // Get the codebase principal diff --git a/mozilla/modules/libpref/src/nsPref.cpp b/mozilla/modules/libpref/src/nsPref.cpp index e0d3c5d9c5c..73724406ff1 100644 --- a/mozilla/modules/libpref/src/nsPref.cpp +++ b/mozilla/modules/libpref/src/nsPref.cpp @@ -79,6 +79,12 @@ #define PREFS_HEADER_LINE_2 "// This is a generated file!" #define INITIAL_MAX_DEFAULT_PREF_FILES 10 + +// Preferences that start with this string are subject to a security check +#define PREF_SECURITY_PREFIX "security." +// Cabability which must be enabled to access preferences starting with PREF_SECURITY_PREFIX +#define PREF_SECURITY_ACCESS_CAPABILITY "SecurityPreferenceAccess" + #include "prefapi_private_data.h" #if defined(DEBUG_mcafee) @@ -269,7 +275,8 @@ nsPref* nsPref::GetInstance() nsresult nsPref::SecurePrefCheck(const char* aPrefName) //---------------------------------------------------------------------------------------- { - static const char securityPrefix[] = "security."; + /* This will be uncommented very soon. For now, leave it alone. -mstoltz + static const char securityPrefix[] = PREF_SECURITY_PREFIX; if (PL_strnstr(aPrefName, securityPrefix, sizeof(securityPrefix)) == 0) return NS_OK; 
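Review bot: `result` is declared and passed to `GetCertificatePrincipal`, but nothing in the visible lines of `GetOwner` reads it afterwards; the code goes on to test only `certificate`, which the nsJAR implementation in this diff sets only when the status is VALID. If the status is genuinely not needed here, a comment such as `// status unused: certificate is non-null only when the entry verified as VALID` keeps the unused variable from reading as an oversight; if it is needed (for example to record why an entry is treated as unsigned), it should be consulted. GetOwner continues past the end of the hunk.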
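Review bot: The comment above `PREF_SECURITY_ACCESS_CAPABILITY` misspells "Capability" (`// Cabability which must be enabled to access preferences starting with PREF_SECURITY_PREFIX`). Since these two constants are only used inside this .cpp, `static const char kSecurityPrefix[] = "security.";` and `static const char kSecurityAccessCapability[] = "SecurityPreferenceAccess";` would be preferable to `#define`s, though that is a style point only.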
@@ -278,9 +285,10 @@ nsresult nsPref::SecurePrefCheck(const char* aPrefName) NS_WITH_SERVICE(nsIScriptSecurityManager, secMan, kSecurityManagerCID, &rv); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; PRBool enabled; - rv = secMan->IsCapabilityEnabled("SecurityPreferencesAccess", &enabled); + rv = secMan->IsCapabilityEnabled(PREF_SECURITY_ACCESS_CAPABILITY, &enabled); if (NS_FAILED(rv) || !enabled) return NS_ERROR_FAILURE; + */ return NS_OK; } diff --git a/mozilla/netwerk/protocol/jar/src/nsJARChannel.cpp b/mozilla/netwerk/protocol/jar/src/nsJARChannel.cpp index 89f490985da..3e57776c8d1 100644 --- a/mozilla/netwerk/protocol/jar/src/nsJARChannel.cpp +++ b/mozilla/netwerk/protocol/jar/src/nsJARChannel.cpp @@ -790,8 +790,10 @@ nsJARChannel::GetOwner(nsISupports* *aOwner) if (!mOwner) { nsCOMPtr certificate; + PRInt16 result; nsresult rv = mJAR->GetCertificatePrincipal(mJAREntry, - getter_AddRefs(certificate)); + getter_AddRefs(certificate), + &result); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; if (certificate) { // Get the codebase principal
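Review bot: Closing the `/* ... */` here leaves `SecurePrefCheck` with an effective body of `return NS_OK;`, so until the comment is removed whatever calls it is told that access to `security.*` preferences is allowed unconditionally; `#if 0 ... #endif` would disable the body without the nested-comment hazard, and a `// TODO(mstoltz): re-enable, tracked in <bug id placeholder>` is more useful than "very soon". Two things in the disabled code need attention before it comes back: the capability it tests is now `PREF_SECURITY_ACCESS_CAPABILITY` (`"SecurityPreferenceAccess"`), whereas the check removed from `nsScriptSecurityManager::IsCapabilityEnabled` in this same diff and the old line here both used `"SecurityPreferencesAccess"`, so grant and test must be reconciled to one spelling or the check can never pass. Also `PL_strnstr(aPrefName, securityPrefix, sizeof(securityPrefix)) == 0` is a substring search over the first `sizeof` bytes (NUL included), not a prefix test; `if (PL_strncmp(aPrefName, securityPrefix, sizeof(securityPrefix)-1) != 0) return NS_OK;` says what is meant. SecurePrefCheck's opening lines are in the previous hunk.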